ROSA LABROSA-SA-2021-1989Advisory ROSA-SA-2021-1989
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
22.9%
Software: trousers 0.3.14
OS: Cobalt 7.9
CVE-ID: CVE-2020-24330
CVE-Crit: HIGH
CVE-DESC: A problem was discovered in TrouSerS before 0.3.14. If the tcsd daemon is running with root privileges and not the tss user, it will not be able to reset the root gid privilege when it is no longer needed.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-24331
CVE-Crit: HIGH
CVE-DESC: a problem was found in TrouSerS before version 0.3.14. If the tcsd daemon is running with superuser privileges, the user tss still has read and write permissions to the /etc/tcsd.conf file (which contains various settings related to this daemon).
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-24332
CVE-Crit: MEDIUM
CVE-DESC: An issue was discovered in TrouSerS before version 0.3.14. If the tcsd daemon is run as root, the creation of the system.data file is vulnerable to symbolic link attacks. The tss user can be used to create or corrupt existing files, which can lead to a DoS attack.
CVE-STATUS: default
CVE-REV: Default
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
22.9%